diff --git a/ansible-playbooks/update_bmc_user_password.yml b/ansible-playbooks/update_bmc_user_password.yml new file mode 100644 index 0000000..7a5710e --- /dev/null +++ b/ansible-playbooks/update_bmc_user_password.yml @@ -0,0 +1,165 @@ +--- +- name: Update BMC User Password + hosts: localhost + connection: local + gather_facts: False + vars_prompt: + - name: ip + prompt: "Input the BMC IP address" + private: no + - name: login_account + prompt: "Input the BMC login user name" + private: no + - name: login_password + prompt: "Input the BMC login user password" + private: no + - name: username + prompt: "Input the name of BMC user to be updated(If not specified, the password of default BMC account will be updated)" + private: no + - name: new_password + prompt: "Input new password of BMC user" + private: no + + tasks: + - name: Set login URL + set_fact: + login_host: "https://{{ ip }}" + + - name: Login to BMC + uri: + url: "{{ login_host }}/redfish/v1/SessionService/Sessions" + method: POST + user: "{{ login_account }}" + password: "{{ login_password }}" + force_basic_auth: yes + body_format: json + body: + UserName: "{{ login_account }}" + Password: "{{ login_password }}" + return_content: yes + status_code: 201 + validate_certs: no + register: login_response + failed_when: login_response.status != 201 + + - name: Set session headers + set_fact: + session_headers: + X-Auth-Token: "{{ login_response.x_auth_token }}" + Content-Type: "application/json" + + - name: Determine account URL + set_fact: + target_account_url: "{{ account_url if account_url is defined and account_url is not none and account_url != '' else '/redfish/v1/AccountService/Accounts/1' }}" + + - name: Update default BMC account password if no username specified + when: username is not defined or username is none or username == '' + uri: + url: "{{ login_host }}{{ target_account_url }}" + method: PATCH + headers: "{{ session_headers }}" + body_format: json + body: + Password: "{{ new_password }}" + status_code: [200, 204] + validate_certs: no + register: update_response + failed_when: update_response.status not in [200, 204] + + - name: Get AccountService URL + when: username is defined and username is not none and username != '' + uri: + url: "{{ login_host }}/redfish/v1" + method: GET + headers: "{{ session_headers }}" + return_content: yes + status_code: 200 + validate_certs: no + register: base_url_response + failed_when: base_url_response.status != 200 + + - name: Get Accounts URL + when: username is defined and username is not none and username != '' + uri: + url: "{{ login_host }}{{ base_url_response.json.AccountService['@odata.id'] }}" + method: GET + headers: "{{ session_headers }}" + return_content: yes + status_code: 200 + validate_certs: no + register: account_service_response + failed_when: account_service_response.status != 200 + + - name: Get Accounts + when: username is defined and username is not none and username != '' + uri: + url: "{{ login_host }}{{ account_service_response.json.Accounts['@odata.id'] }}" + method: GET + headers: "{{ session_headers }}" + return_content: yes + status_code: 200 + validate_certs: no + register: accounts_response + failed_when: accounts_response.status != 200 + + - name: Loop through accounts to get all accounts info + when: username is defined and username is not none and username != '' + uri: + url: "{{ login_host }}{{ item['@odata.id'] }}" + method: GET + headers: "{{ session_headers }}" + return_content: yes + status_code: 200 + validate_certs: no + with_items: "{{ accounts_response.json.Members }}" + register: account_details + loop_control: + label: "{{ item['@odata.id'] }}" + + - name: Find the account with the specified username + set_fact: + target_account: "{{ item }}" + loop: "{{ account_details.results }}" + when: + - username is defined and username is not none and username != '' + - item.json.UserName == username + loop_control: + label: "{{ item.json['@odata.id'] }}" + + - name: Update the specified BMC user password + when: username is defined and username is not none and username != '' and target_account is defined + uri: + url: "{{ login_host }}{{ target_account.json['@odata.id'] }}" + method: PATCH + headers: "{{ session_headers | combine({'If-Match': target_account.json['@odata.etag'] | default('*')}) }}" + body_format: json + body: + Password: "{{ new_password }}" + status_code: [200, 204] + validate_certs: no + register: update_user_response + failed_when: update_user_response.status not in [200, 204] + + - name: Logout from BMC + uri: + url: "{{ login_host }}{{ login_response.json['@odata.id'] }}" + method: DELETE + headers: "{{ session_headers }}" + status_code: 204 + validate_certs: no + ignore_errors: yes + + - name: Check if the specified username was found + when: username is defined and username is not none and username != '' and target_account is not defined + fail: + msg: "Specified BMC username '{{ username }}' doesn't exist. Please check whether the BMC username is correct." + + - name: Display success message for specified user + when: username is defined and username is not none and username != '' and target_account is defined + debug: + msg: "The BMC user '{{ username }}' password is successfully updated." + + - name: Display success message for default user + when: username is not defined or username is none or username == '' + debug: + msg: "The default BMC user password is successfully updated."